Disabling the CSRF Middleware in Laravel 5.1

By default, Laravel forces CSRF middleware on all requests to protect your application from cross-site request forgeries. It automatically produce a CSRF token for each active session and this token is used to verify that the user making requests to your application is authenticated.

Although this is a very useful feature, you may want to turn it off for some requests specially for external requests where you don’t have ability to set a CSRF token. For example, if you are using Stripe to process payments, you will need to disable CSRF middleware for your webhook handler route.

To exclude routes from CSRF protection you need to add them to the $except property of the VerifyCsrfToken middleware located inside App/Http/Middleware folder.